1 Trading packet headers for packet processing
Girish P. Chandranmenon, George Varghese 

April 1996 IEEE/ACM Transactions on Networking (TON), volume 4 issue 2 

Additional Information: full citation, references, citings, index terms, review

Full text available: pdf (1.41 MB)



2 Trading packet headers for packet processing
Girish P. Chandranmenon, George Varghese 

October 1995 ACM SIGCOMM Computer Communication Review, Proceedings of the
conference on Applications, technologies, architectures, and protocols
for computer communication, volume 25 issue 4

Full text available: pdf(1.21 MB) Additional Information: full citation, abstract, references, citings, index terms

In high speed networks, packet processing is relatively expensive while bandwidth is cheap. 
Thus it pays to add information to packet headers to make packet processing easier. While 
this is an old idea, we describe several specific new mechanisms based on this principle. We 
describe a new technique, source hashing, which can provide O(1) lookup costs at the Data
Link, Routing, and Transport layers. Source hashing is especially powerful when combined 
with the old idea of a flow I ... 



3 Measurement: A high-level programming environment for packet trace anonymization
and transformation
Ruoming Pang, Vern Paxson 

August 2003 Proceedings of the 2003 conference on Applications, technologies, 
architectures, and protocols for computer communications 

Full text available: pdf(251.27 KB) Additional Information: full citation, abstract, references, index terms

Packet traces of operational Internet traffic are invaluable to network research, but public 
sharing of such traces is severely limited by the need to first remove all sensitive 
information. Current trace anonymization technology leaves only the packet headers intact, 
completely stripping the contents; to our knowledge, there are no publicly available traces 
of any significant size that contain packet payloads. We describe a new approach to 
transform and anonymize packet traces. Our tool provide ... 

Keywords: anonymization, internet, measurement, network intrusion detection, packet 
trace, privacy, transformation 
4 Packet classification using tuple space search
V. Srinivasan, S. Suri, G. Varghese 

August 1999 ACM SIGCOMM Computer Communication Review, Proceedings of the
conference on Applications, technologies, architectures, and protocols for
computer communication, volume 29 issue 4

Full text available: pdf(!46 MB) Additional Information: full citation, abstract, references, citings, index terms

Routers must perform packet classification at high speeds to efficiently implement functions 
such as firewalls and QoS routing. Packet classification requires matching each packet 
against a database of filters (or rules), and forwarding the packet according to the highest 
priority filter. Existing filter schemes with fast lookup time do not scale to large filter 
databases. Other more scalable schemes work for 2-dimensional filters, but their lookup 
times degrade quickly with each additional dime ... 

5 High-speed policy-based packet forwarding using efficient multi-dimensional range
matching

T. V. Lakshman, D. Stiliadis 

October 1998 ACM SIGCOMM Computer Communication Review, Proceedings of the
ACM SIGCOMM '98 conference on Applications, technologies,
architectures, and protocols for computer communication, volume 28 issue 4

Full text available: pdf(1.82 MB) Additional Information: full citation, abstract, references, citings, index terms

The ability to provide differentiated services to users with widely varying requirements is 
becoming increasingly important, and Internet Service Providers would like to provide these 
differentiated services using the same shared network infrastructure. The key mechanism, 
that enables differentiation in a connectionless network, is the packet classification function 
that parses the headers of the packets, and after determining their context, classifies them 
based on administrative policies or re ... 

6 Hash-based IP traceback
Alex C. Snoeren 

August 2001 ACM SIGCOMM Computer Communication Review, Proceedings of the
2001 conference on Applications, technologies, architectures, and
protocols for computer communications, volume 31 issue 4

Full text available: pdf(179.03 KB) Additional Information: full citation, references, citings, index terms



7 Single-packet IP traceback
Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones, Fabrice Tchakountio, 
Beverly Schwartz, Stephen T. Kent, W. Timothy Strayer 

December 2002 IEEE/ACM Transactions on Networking (TON), volume 10 issue 6 

Full text available: pdf(528.41 KB) Additional Information: full citation, abstract, references, citings, index terms

The design of the IP protocol makes it difficult to reliably identify the originator of an IP 
packet. Even in the absence of any deliberate attempt to disguise a packet's origin, 
widespread packet forwarding techniques such as NAT and encapsulation may obscure the 
packet's true source. Techniques have been developed to determine the source of large 
packet flows, but, to date, no system has been presented to track individual packets in an 
efficient, scalable fashion. We present a hash-based techn ... 

Keywords: IP traceback, computer network management, computer network security, 
denial of service (DoS), network fault diagnosis, wide-area networks (WANs)



8 Network security: Efficient packet marking for large-scale IP traceback
Michael T. Goodrich 

November 2002 Proceedings of the 9th ACM conference on Computer and
communications security

Full text available: pdf(239.98 KB) Additional Information: full citation, abstract, references, citings, index terms

We present a new approach to IP traceback based on the probabilistic packet marking 
paradigm. Our approach, which we call randomize-and-link, uses large checksum cords to 
"link" message fragments in a way that is highly scalable, for the checksums serve both as 
associative addresses and data integrity verifiers. The main advantage of these checksum 
cords is that they spread the addresses of possible router messages across a spectrum that 
is too large for the attacker to easily create messages th ... 

Keywords: denial-of-service, packet marking, traceback 



9 Fast and scalable layer four switching

V. Srinivasan, G. Varghese, S. Suri, M. Waldvogel 

October 1998 ACM SIGCOMM Computer Communication Review, Proceedings of the
ACM SIGCOMM '98 conference on Applications, technologies,
architectures, and protocols for computer communication, volume 28 issue 4

Full text available: pdf(1.76 MB) Additional Information: full citation, abstract, references, citings, index terms

In Layer Four switching, the route and resources allocated to a packet are determined by 
the destination address as well as other header fields of the packet such as source address, 
TCP and UDP port numbers. Layer Four switching unifies firewall processing, RSVP style 
resource reservation filters, QoS Routing, and normal unicast and multicast forwarding into 
a single framework. In this framework, the forwarding database of a router consists of a 
potentially large number of filters on key header ... 

10 Crypto-based identifiers (CBIDs): Concepts and applications
Gabriel Montenegro, Claude Castelluccia 

February 2004 ACM Transactions on Information and System Security (TISSEC), volume 7
issue 1

Full text available: pdf(262.76 KB) Additional Information: full citation, abstract, references, index terms

This paper addresses the identifier ownership problem. It does so by using characteristics of 
Statistical Uniqueness and Cryptographic Verifiability (SUCV) of certain entities which this 
document calls SUCV Identifiers and Addresses, or, alternatively, Crypto-based Identifiers. 
Their characteristics allow them to severely limit certain classes of denial-of-service attacks 
and hijacking attacks. SUCV addresses are particularly applicable to solve the address 
ownership problem that hinders mechani ... 

Keywords: Security, address ownership, authorization, group management, mobile IPv6, 
opportunistic encryption 



11 Trajectory sampling for direct traffic observation
N. G. Duffield, Matthias Grossglauser 

June 2001 IEEE/ACM Transactions on Networking (TON), volume 9 issue 3 

Full text available: pdf(251.55 KB) Additional Information: full citation, abstract, references, citings, index terms

Traffic measurement is a critical component for the control and engineering of
communication networks. We argue that traffic measurement should make it possible to 
obtain the spatial flow of traffic through the domain, i.e., the paths followed by packets 
between any ingress and egress point of the domain. Most resource allocation and capacity 
planning tasks can benefit from such information. Also, traffic measurements should be 
obtained without a routing model and without knowledge of netw ... 

Keywords: Hash functions, Internet traffic measurement, packet sampling, traffic 
engineering 



12 Trajectory sampling for direct traffic observation 
N. G. Duffield, M. Grossglauser 

August 2000 ACM SIGCOMM Computer Communication Review, Proceedings of the
conference on Applications, Technologies, Architectures, and Protocols for
Computer Communication, Volume 30 issue 4

Full text available: pdf(421.07 KB) Additional Information: full citation, abstract, references, citings, index terms

Traffic measurement is a critical component for the control and engineering of 
communication networks. We argue that traffic measurement should make it possible to 
obtain the spatial flow of traffic through the domain, i.e., the paths followed by packets 
between any ingress and egress point of the domain. Most resource allocation and capacity 
planning tasks can benefit from such information. Also, traffic measurements should be 
obtained without a routing model and without knowledge of netwo ... 

13 A pseudo-machine for packet monitoring and statistics 

R. T. Braden 

August 1988 ACM SIGCOMM Computer Communication Review, Symposium
proceedings on Communications architectures and protocols, volume 18 issue 4

Full text available: pdf(962.Q6 KB) Additional Information: full citation, abstract, references, citings, index terms

This paper concerns the design of a flexible and efficient packet monitoring program for 
analyzing traffic patterns and gathering statistics on a packet network. This monitor 
operates in real time, using an analyzer which is an interpretive pseudo-machine driving 
object-oriented data collection programs. The pseudo-program for the interpreter is 
"compiled" from configuration commands written in a monitoring control language. 

14 Efficient demultiplexing of incoming TCP packets
Paul E. McKenney, Ken F. Dove 

October 1992 ACM SIGCOMM Computer Communication Review, Conference
proceedings on Communications architectures & protocols, Volume 22 issue 4

Full text available: pdf(985.58 KB) Additional Information: full citation, abstract, references, citings, index terms

When a transport protocol segment arrives at a receiving system, the receiving system must 
determine which application is to receive the protocol segment. This decision is typically 
made by looking up a protocol control block (PCB) for the segment, based on information in 
the segment's header. PCB lookup (a form of demultiplexing) is typically one of the more 
expensive operations in handling inbound protocol segment [Fel90]. Many recent protocol
optimizations for the Transmission ... 

15 A multi-user data flow architecture 
F. J. Burkowski 

May 1981 Proceedings of the 8th annual symposium on Computer Architecture

Full text available: pdf(606.85 KB) Additional Information: full citation, abstract, references, citings, index terms

This paper discusses the design of a prototype data flow machine that has memory 
management hardware in each memory block. This facility allows loading and deleting code 
that is produced by independent compilations. The first sections of the paper deal with the 
general architecture of the machine and the format specifications for the instruction cells, 
logical addresses, and switch packets. The paper concludes with a discussion of the mapping 
hardware used in the memory blocks. The results ... 

16 Routing with a clue 

Yehuda Afek, Anat Bremler-Barr, Sariel Har-Peled 

December 2001 IEEE/ACM Transactions on Networking (TON), Volume 9 issue 6 

Full text available: pdf(227.57 KB) Additional Information: full citation, abstract, references, index terms

We suggest a new simple forwarding technique to speed up IP destination address lookup. 
The technique is a natural extension of IP, requires 5 bits in the IP header (IPv4, 7 in IPv6), 
and performs IP lookup nearly as fast as IP/Tag switching but with a smaller memory 
requirement and a much simpler protocol. The basic idea is that each router adds a "clue" to 
each packet, telling its downstream router where it ended the IP lookup. Since the 
forwarding tables of neighboring routers are similar, th ... 

Keywords: Best matching prefix, IP forwarding, IP lookup, IP routing, MPLS 



17 Routing with a clue
Anat Bremler-Barr, Yehuda Afek, Sariel Har-Peled 

August 1999 ACM SIGCOMM Computer Communication Review, Proceedings of the
conference on Applications, technologies, architectures, and protocols for
computer communication, volume 29 issue 4

Full text available: pdf(1.26 MB) Additional Information: full citation, abstract, references, citings, index terms

We suggest a new simple forwarding technique to speed-up IP destination address lookup. 
The technique is a natural extension of IP, requires 5 bits in the IP header (IPv4, 7 in IPv6) 
and performs IP lookup nearly as fast as IP/Tag-switching but with a smaller memory 
requirement and a much simpler protocol. The basic idea is that each router adds a "clue" to 
each packet, telling its downstream router where it ended the IP lookup. Since the 
forwarding tables of neighboring routers are similar, the ... 

18 BPF+: exploiting global data-flow optimization in a generalized packet filter architecture 
Andrew Begel, Steven McCanne, Susan L. Graham 

August 1999 ACM SIGCOMM Computer Communication Review, Proceedings of the
conference on Applications, technologies, architectures, and protocols for
computer communication, volume 29 issue 4

Full text available: pdf(1.55 MB) Additional Information: full citation, abstract, references, citings, index terms

A packet filter is a programmable selection criterion for classifying or selecting packets from 
a packet stream in a generic, reusable fashion. Previous work on packet filters falls roughly 
into two categories, namely those efforts that investigate flexible and extensible filter 
abstractions but sacrifice performance, and those that focus on low-level, optimized filtering 
representations but sacrifice flexibility. Applications like network monitoring and intrusion 
detection, however, requ ... 

19 A flow-based approach to datagram security 
Suvo Mittra, Thomas Y. C. Woo

October 1997 ACM SIGCOMM Computer Communication Review, Proceedings of the
ACM SIGCOMM '97 conference on Applications, technologies,
architectures, and protocols for computer communication, volume 27 issue 4

Full text available: pdf(2.04 MB)

Datagram services provide a simple, flexible, robust, and scalable communication 
abstraction; their usefulness has been well demonstrated by the success of IP, UDP, and 
RPC. Yet, the overwhelming majority of network security protocols that have been proposed 
are geared towards connection-oriented communications. The few that do cater to datagram 
communications tend to either rely on long term host-pair keying or impose a session- 
oriented (i.e., requiring connection setup) semantics. Separately, t ... 

20 Dealing with high speed links and other measurement challenges: A method to
compress and anonymize packet traces
Markus Peuhkuri 

November 2001 Proceedings of the First ACM SIGCOMM Workshop on Internet 
Measurement 

Full text available: pdf(792.18 KB) Additional Information: full citation, abstract, references, citings, index terms

Data volume and privacy issues are one of problems related to large-scale packet capture. 
Utilizing flow nature of Internet traffic can reduce data volume. Removing sensitive 
information such as IP addresses enhances privacy. Our method makes possible to have
same replacement value for given IP address even if capture location or time is different. 

Keywords: anonymization, data compression, packet capture 